DebianDEBIAN:DLA-53-1:B7DC7[SECURITY] [DLA 53-1] gnupg security update
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
39.7%
Package : gnupg
Version : 1.4.10-4+squeeze6
CVE ID : CVE-2014-5270
Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal
encryption subkeys (CVE-2014-5270).
In addition, this update hardens GnuPG's behaviour when treating keyserver
responses; GnuPG now filters keyserver responses to only accepts those
keyids actually requested by the user.
Attachment:
signature.asc
Description: Digital signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | ia64 | gnupg-udeb | < 1.4.12-7+deb7u6 | gnupg-udeb_1.4.12-7+deb7u6_ia64.deb |
| Debian | 7 | powerpc | gpgv | < 1.4.12-7+deb7u6 | gpgv_1.4.12-7+deb7u6_powerpc.deb |
| Debian | 7 | ia64 | libgcrypt11-dbg | < 1.5.0-5+deb7u2 | libgcrypt11-dbg_1.5.0-5+deb7u2_ia64.deb |
| Debian | 7 | i386 | libgcrypt11-dbg | < 1.5.0-5+deb7u2 | libgcrypt11-dbg_1.5.0-5+deb7u2_i386.deb |
| Debian | 7 | armhf | libgcrypt11-dbg | < 1.5.0-5+deb7u2 | libgcrypt11-dbg_1.5.0-5+deb7u2_armhf.deb |
| Debian | 6 | amd64 | libgcrypt11 | < 1.4.5-2+squeeze2 | libgcrypt11_1.4.5-2+squeeze2_amd64.deb |
| Debian | 7 | armhf | gpgv | < 1.4.12-7+deb7u6 | gpgv_1.4.12-7+deb7u6_armhf.deb |
| Debian | 7 | s390x | libgcrypt11 | < 1.5.0-5+deb7u2 | libgcrypt11_1.5.0-5+deb7u2_s390x.deb |
| Debian | 7 | sparc | gnupg | < 1.4.12-7+deb7u6 | gnupg_1.4.12-7+deb7u6_sparc.deb |
| Debian | 7 | powerpc | libgcrypt11-dbg | < 1.5.0-5+deb7u2 | libgcrypt11-dbg_1.5.0-5+deb7u2_powerpc.deb |
Related
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
39.7%